source: http://www.securityfocus.com/bid/6862/info
php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords.
http://www.example.com/user/[NICKNAME].txt